Explore top 10 tips to secure your open-source projects now. Read More
×Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest https://rustsec.org/advisories/RUSTSEC-2026-0194.html https://rustsec.org/advisories/RUSTSEC-2026-0195.html sandogasa. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ffaebbf2f0 2026-07-06 15:09:07.087500+00:00 -------------------------------------------------------------------------------- Name : sandogasa Product : Fedora 43 Version : 0.15.3 Release : 2.fc43 URL : https://github.com/slopfest/sandogasa Summary : A collection of Fedora and CentOS packaging tools Description : A collection of tools and libraries for Fedora package maintenance and contributor activity tracking, built around shared API clients for Bugzilla, Bodhi, NVD, dist-git, Discourse, FASJSON, and HyperKitty. The name **sandogasa** (菅笠) refers to a Japanese straw hat often associated with "slum" or post-apocalyptic robots in popular culture. -------------------------------------------------------------------------------- Update Information: Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest https://rustsec.org/advisories/RUSTSEC-2026-0194.html https://rustsec.org/advisories/RUSTSEC-2026-0195.html sandogasa v0.15.3 ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution) ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable dbranch rebuild — createsdebian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 for RUSTSEC-2026-0194/-0195 sandogasa-report: consistent commit detail levels across forges Full details: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153 v0.15.2 New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity issue filing); powers sandogasa-report's Forgejo accounting ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives sandogasa-report — Forgejo PR-merge and issue accounting Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 3 2026 Michel Lind - 0.15.3-2 - Rebuild for rust-quick-xml 0.41.0 * Fri Jul 3 2026 Michel Lind - 0.15.3-1 - Update to version 0.15.3 * Mon Jun 29 2026 Michel Lind - 0.15.2-1 - Update to version 0.15.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494601 - rust-quick-xml-0.41.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494601 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ffaebbf2f0' at the command line. For more information, refer to the dnfdocumentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update sandogasa for Fedore 43 to address two critical security issues. Upgrade quickly to mitigate threats.. Fedora updates, sandogasa security, quick-xml update, Linux package security, security advisories. . LinuxSecurity.com Team
Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest https://rustsec.org/advisories/RUSTSEC-2026-0194.html https://rustsec.org/advisories/RUSTSEC-2026-0195.html sandogasa. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ffaebbf2f0 2026-07-06 15:09:07.087500+00:00 -------------------------------------------------------------------------------- Name : rust-reqsign-aws-v4 Product : Fedora 43 Version : 3.0.1 Release : 2.fc43 URL : https://crates.io/crates/reqsign-aws-v4 Summary : AWS SigV4 signing implementation for reqsign Description : AWS SigV4 signing implementation for reqsign. -------------------------------------------------------------------------------- Update Information: Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest https://rustsec.org/advisories/RUSTSEC-2026-0194.html https://rustsec.org/advisories/RUSTSEC-2026-0195.html sandogasa v0.15.3 ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution) ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable dbranch rebuild — creates debian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 for RUSTSEC-2026-0194/-0195 sandogasa-report: consistent commit detail levels across forges Fulldetails: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153 v0.15.2 New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity issue filing); powers sandogasa-report's Forgejo accounting ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives sandogasa-report — Forgejo PR-merge and issue accounting Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 3 2026 Michel Lind - 3.0.1-2 - Allow building against quick-xml 0.41 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494601 - rust-quick-xml-0.41.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494601 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ffaebbf2f0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Critical advisory for Fedora 43 fixes two important security issues inrust-reqsign-aws-v4 application. Essential update recommended.. Fedora security advisory, rust-reqsign-aws-v4 update, critical security fix, sandogasa advisory. . LinuxSecurity.com Team
Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest https://rustsec.org/advisories/RUSTSEC-2026-0194.html https://rustsec.org/advisories/RUSTSEC-2026-0195.html sandogasa. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ffaebbf2f0 2026-07-06 15:09:07.087500+00:00 -------------------------------------------------------------------------------- Name : rust-busd Product : Fedora 43 Version : 0.5.0 Release : 3.fc43 URL : https://crates.io/crates/busd Summary : D-Bus bus (broker) implementation Description : A D-Bus bus (broker) implementation. -------------------------------------------------------------------------------- Update Information: Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest https://rustsec.org/advisories/RUSTSEC-2026-0194.html https://rustsec.org/advisories/RUSTSEC-2026-0195.html sandogasa v0.15.3 ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution) ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable dbranch rebuild — creates debian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 for RUSTSEC-2026-0194/-0195 sandogasa-report: consistent commit detail levels across forges Fulldetails: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153 v0.15.2 New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity issue filing); powers sandogasa-report's Forgejo accounting ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives sandogasa-report — Forgejo PR-merge and issue accounting Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 3 2026 Michel Lind - 0.5.0-3 - Allow building against quick-xml 0.41 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494601 - rust-quick-xml-0.41.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494601 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ffaebbf2f0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update to rust-busd in Fedora 43 includes security fixes and improvements for sandogasaand dependencies.. Rust Busd Update Fedora 43 Sandogasa Security Advisory. . LinuxSecurity.com Team
Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest https://rustsec.org/advisories/RUSTSEC-2026-0194.html https://rustsec.org/advisories/RUSTSEC-2026-0195.html sandogasa. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b25dca4806 2026-07-06 14:53:30.168848+00:00 -------------------------------------------------------------------------------- Name : rust-reqsign-aws-v4 Product : Fedora 44 Version : 3.0.1 Release : 2.fc44 URL : https://crates.io/crates/reqsign-aws-v4 Summary : AWS SigV4 signing implementation for reqsign Description : AWS SigV4 signing implementation for reqsign. -------------------------------------------------------------------------------- Update Information: Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest https://rustsec.org/advisories/RUSTSEC-2026-0194.html https://rustsec.org/advisories/RUSTSEC-2026-0195.html sandogasa v0.15.3 ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution) ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable dbranch rebuild — creates debian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 for RUSTSEC-2026-0194/-0195 sandogasa-report: consistent commit detail levels across forges Fulldetails: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153 v0.15.2 New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity issue filing); powers sandogasa-report's Forgejo accounting ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives sandogasa-report — Forgejo PR-merge and issue accounting Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 3 2026 Michel Lind - 3.0.1-2 - Allow building against quick-xml 0.41 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494601 - rust-quick-xml-0.41.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494601 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b25dca4806' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update quick-xml addressing two major security risks in rust-reqsign-aws-v4, ensuringreliability and stability in Fedora 44.. rust-reqsign-aws-v4 security fix Fedora 44 quick-xml update. . LinuxSecurity.com Team
Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest https://rustsec.org/advisories/RUSTSEC-2026-0194.html https://rustsec.org/advisories/RUSTSEC-2026-0195.html sandogasa. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b25dca4806 2026-07-06 14:53:30.168848+00:00 -------------------------------------------------------------------------------- Name : rust-wayland-scanner Product : Fedora 44 Version : 0.31.10 Release : 3.fc44 URL : https://crates.io/crates/wayland-scanner Summary : Wayland Scanner for generating rust APIs from XML wayland protocol files Description : Wayland Scanner for generating rust APIs from XML wayland protocol files. -------------------------------------------------------------------------------- Update Information: Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest https://rustsec.org/advisories/RUSTSEC-2026-0194.html https://rustsec.org/advisories/RUSTSEC-2026-0195.html sandogasa v0.15.3 ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution) ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable dbranch rebuild — creates debian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 forRUSTSEC-2026-0194/-0195 sandogasa-report: consistent commit detail levels across forges Full details: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153 v0.15.2 New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity issue filing); powers sandogasa-report's Forgejo accounting ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives sandogasa-report — Forgejo PR-merge and issue accounting Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 3 2026 Michel Lind - 0.31.10-3 - Allow building against quick-xml 0.41 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494601 - rust-quick-xml-0.41.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494601 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b25dca4806' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be foundat https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Update quick-xml in Fedora 44 via important security advisories for the wayland-scanner application.. Fedora 44 security update, wayland-scanner issues, quick-xml patch. . LinuxSecurity.com Team
Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest https://rustsec.org/advisories/RUSTSEC-2026-0194.html https://rustsec.org/advisories/RUSTSEC-2026-0195.html sandogasa. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-b25dca4806 2026-07-06 14:53:30.168848+00:00 -------------------------------------------------------------------------------- Name : mir Product : Fedora 44 Version : 2.26.0 Release : 2.fc44 URL : https://canonical.com/mir Summary : Next generation Wayland display server toolkit Description : Mir is a Wayland display server toolkit for Linux systems, with a focus on efficiency, robust operation, and a well-defined driver model. -------------------------------------------------------------------------------- Update Information: Update quick-xml for two security advisories, rebuild dependents, and update sandogasa to the latest https://rustsec.org/advisories/RUSTSEC-2026-0194.html https://rustsec.org/advisories/RUSTSEC-2026-0195.html sandogasa v0.15.3 ebranch base-distro guard — resolve/file-requests now know EPEL must not replace RHEL/CentOS Stream packages: deps present in the base at a too-old version are blocked with clear options (alternate package via --override, or lower the requirement) instead of becoming CANTFIX branch requests; file-requests re-checks the base before filing New sandogasa-sourcehut crate — sr.ht GraphQL client; sandogasa-report gains a Sourcehut section (patches, tickets, commits split yours vs third-party, git_emails attribution) ebranch check-crate — human report on stderr alongside --koji/--copr machine output, so build scripts stay pipeable dbranch rebuild — creates debian/gbp.conf when the Debian branch has none and handles the modern single-line salsa-ci.yml Robustness: 120s HTTP timeout on every client; --version on every tool; quick-xml bumped to 0.41 forRUSTSEC-2026-0194/-0195 sandogasa-report: consistent commit detail levels across forges Full details: https://github.com/slopfest/sandogasa/blob/v0.15.3/CHANGELOG.md#v0153 v0.15.2 New sandogasa-review crate — shared keep/explain/remove resolution for reviewer-curated findings; adopted by fedora-review-digest, ebranch check-update, and fedora-cve-triage New sandogasa-forgejo crate — Forgejo/Gitea REST API client (PR activity issue filing); powers sandogasa-report's Forgejo accounting ebranch check-update overhaul — condensed output (counts + version grouping), reviewer curation of blocking findings before karma, branch inference for Fedora side tags (EPEL still needs -b al9 -r @epel), plus fixes for stale-side-tag and rich-dep installability false positives and large-update performance fedora-cve-triage — per-bug keep/explain/remove review before closing detected false positives sandogasa-report — Forgejo PR-merge and issue accounting Full details: https://github.com/slopfest/sandogasa/blob/v0.15.2/CHANGELOG.md#v0152 -------------------------------------------------------------------------------- ChangeLog: * Fri Jul 3 2026 Michel Lind - 2.26.0-2 - Rebuild for rust-quick-xml 0.41.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2494601 - rust-quick-xml-0.41.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2494601 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b25dca4806' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- . Fedora 44 security advisory updating quick-xml and sandogasa for vulnerabilities reported on RustSec.. Fedora Security Advisory, quick-xml Update, sandogasa Dependency, Linux Applications, Security Vulnerabilities. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.